One day before the mid-year mark, the European Union made its biggest AI policy move since passing the original AI Act. On June 29, 2026, the EU Council gave its final green light to the “Digital Omnibus” — a sweeping reform package that rewrites key parts of the AI Act, bans a disturbing category of AI applications outright, and reshuffles every major compliance deadline in the book.

If you work in AI, run a company that uses AI tools, or simply care about how powerful technology gets governed, this is the week’s most consequential development. Let me break it down clearly — no legal jargon, just what actually changed.

What Is the Digital Omnibus and Why Did the EU Do This?

Here’s some context first, because this doesn’t come out of nowhere. The original EU AI Act, fully passed in 2024, was ambitious but complex. Critics — including thousands of European startups and several member state governments — argued it was so burdensome for smaller companies that it would drive AI development and investment out of Europe entirely.

The European Commission listened. The Digital Omnibus is the result: a “simplification agenda” designed to keep the AI Act’s protections in place while making compliance actually achievable for companies that aren’t Google or Meta.

The real question is whether the EU struck the right balance — or whether it gave too much ground to the Big Tech lobbying pressure that’s been relentless since the Act passed. More on that in a moment.

The Three Biggest Changes You Need to Know

1. High-Risk AI Deadlines Got Extended — Significantly

The original deadline for high-risk AI system compliance was August 2, 2026. That’s in about five weeks. For most companies building AI into products like medical devices, HR systems, or credit scoring tools, that deadline was never realistic.

The new dates: standalone high-risk AI systems must comply by December 2, 2027. High-risk AI systems embedded in physical products get until August 2, 2028. That’s a 12-to-24-month extension depending on your use case. For startups and mid-sized enterprises, this is genuinely significant breathing room.

But wait — the extension comes with conditions. Companies still need to start their compliance documentation now. The extended dates don’t mean “start later,” they mean “complete later.” There’s a difference, and regulators are watching.

2. “Nudifier” Apps Are Now Explicitly Banned

This is the most viscerally clear provision in the entire update. AI systems that generate non-consensual sexual or intimate imagery — so-called “nudifier” apps — are banned outright under the updated AI Act, effective December 2, 2026.

The penalties are severe: up to €35 million or 7% of global annual turnover, whichever is higher. In my experience, this is the category of AI harm that has the most immediate and tangible victims. The EU is the first major jurisdiction to ban this category comprehensively.

3. Transparency Rules Get Compressed, Not Extended

Here’s where it gets interesting, and where the balance tips the other way. While high-risk compliance deadlines were extended, the grace period for AI-generated content transparency was shortened. Companies now have just three months — not six — to implement disclosures when their AI systems generate content that could be mistaken for human-made material.

That new deadline: December 2, 2026. If you run a media company using AI to generate articles, a marketing firm using AI-written copy, or a social platform with AI-generated posts — December 2026 is when your disclosure obligations become legally enforceable.

Was This a Win for Innovation or a Win for Big Tech Lobbying?

Now, not everyone is celebrating. Amnesty International published a sharp criticism of the Digital Omnibus, arguing that the “simplification agenda” is really a lobbying win dressed up as bureaucratic reform.

The Corporate Europe Observatory documented how major technology companies engaged intensively with EU policymakers during the omnibus negotiations, advocating specifically for the extensions to high-risk compliance timelines that ultimately made it into the final text.

And honestly, they have a point worth taking seriously. Extending compliance deadlines sounds like pragmatic governance. But when the companies benefiting from those extensions are already using AI at scale — making consequential decisions about credit, employment, and healthcare — the “we need more time to comply” argument starts to sound like “we’d prefer not to be held accountable right now.”

What AI Teams and Compliance Officers Should Do Right Now

So yeah. Here’s the practical list for anyone working with AI systems in or for the European market:

If you’re building or deploying high-risk AI (medical, HR, credit, law enforcement): December 2027 is your hard deadline. Use the next 18 months to map your systems against the risk tiers in Annex III of the AI Act, document your conformity assessments, and build your human oversight mechanisms. Don’t wait until 2027.

If you’re generating AI content for European audiences: December 2, 2026 is when transparency disclosures become mandatory. You have exactly five months to implement clear labeling on AI-generated text, images, audio, and video.

If you’re operating anything resembling a nudification tool — even as a feature, even as an API — shut it down before December 2. The fines are not hypothetical.

Key Takeaways

  • The EU rewrote its AI rulebook: The Digital Omnibus, finalized June 29, 2026, is the biggest update to the EU AI Act since it passed.
  • High-risk AI gets more time: New compliance deadlines push to December 2027 and August 2028, giving companies 12-24 extra months.
  • “Nudifier” apps banned by December 2026: Fines up to €35 million or 7% of global turnover.
  • Transparency window shortened: AI-generated content disclosure grace period cut from 6 to 3 months — due December 2, 2026.
  • The lobbying debate won’t go away: Critics argue the extensions were shaped by Big Tech pressure; how companies use the extra time will tell.

The EU AI Act started as the most ambitious attempt to govern artificial intelligence in human history. What emerges from the Digital Omnibus is something messier — more pragmatic in some areas, more compromised in others. As December 2026 approaches, we’ll find out very quickly which companies were using the extra time to get safer, and which were simply buying themselves a quieter year. Which kind of company do you work for?